Security News

A new "Comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. "The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services, unsuitable for crypto mining, in order to enable and expand subsequent campaigns," SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News.

Given how many organizations now use two or more public clouds - 87 percent of respondents in Flexera's 2023 State of the Cloud report said they have a multicloud strategy - it was important that Microsoft also look outward when talking about security baselines, according to Jim Cheng, senior software engineer at Microsoft. "Today we see that our customers often have to aggregate and reconcile their security management across multiple cloud platforms to meet security and compliance requirements," Cheng wrote in October 2022, when MCSB v1 entered public preview.

A new phishing campaign targeting Amazon Web Services logins is abusing Google ads to sneak phishing sites into Google Search to steal your login credentials. The malicious Google ads take the victim to a blogger website under the attackers' control, which is a copy of a legitimate vegan food blog.

"We want to make sure that you use public buckets and objects as needed, while giving you tools to make sure that you don't make them publicly accessible due to a simple mistake or misunderstanding," the company explained as it introduced Amazon S3 Block Public Access, a way to block public access to S3 buckets through the S3 management console. That's when AWS announced "a couple new features that simplify access management for data stored in Amazon Simple Storage Service."

A severe security flaw in the Amazon ECR Public Gallery could have allowed attackers to delete any container image or inject malicious code into the images of other AWS accounts.Amazon ECR Public Gallery is a public repository of container images used for sharing ready-to-use applications and popular Linux distributions, such as Nginx, EKS Distro, Amazon Linux, CloudWatch agent, and Datadog agent.

While some AWS partners chose to hold back on their announcements and statements ahead of AWS re:Invent 2022 - presumably in an attempt to vie for share of voice during the event - a handful were vocal in the run-up to this year's show, staged in Las Vegas between Nov. 28 and Dec. 2. How to connect to AWS. Data platform company Redis signed a tighter AWS deal this month to put its Redis Enterprise Cloud real-time data processing capabilities more closely within the global reach of AWS services.

Amazon Web Services has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources."This attack abuses the AppSync service to assume roles in other AWS accounts, which allows an attacker to pivot into a victim organization and access resources in those accounts," Datadog researcher Nick Frichette said in a report published last week.

Amazon Web Services fixed a cross-tenant flaw in AWS AppSync that could allow miscreants to abuse that cloud service to assume identity and access management roles in other AWS accounts, and then gain access to and control over those resources. No customers were affected by the vulnerability and no customer action is required, according to AWS. In a statement posted on Monday, the cloud services provider thanked Datadog for reporting the "Case-sensitivity parsing issue" in AppSync.

A new open-source 'S3crets Scanner' scanner allows researchers and red-teamers to search for 'secrets' mistakenly stored in publicly exposed or company's Amazon AWS S3 storage buckets. In addition to application data, source code or configuration files in the S3 buckets can also contain 'secrets,' which are authentication keys, access tokens, and API keys.

Does your organization spend countless resources hardening operating systems in the cloud? That's why CIS pre-hardens virtual machine images to CIS Benchmark standards. See how these CIS Hardened Images work by trying one in your cloud environment.